AA Cars Online Privacy Notice 


This privacy notice lets you know what happens to the personal data we use and hold when you 
interact with the AA Cars. 


The AA and our Data Protection Officer 


We are Used Car Sites Limited, known as AA Cars. Our main address is Fanum House, Basing 
View, Basingstoke, Hampshire, England, RG21 4EA. We are a data controller of your personal 

data. We have a dedicated data protection officer (“DPO”). You can contact the DPO using the 

details at the bottom of this notice. 


Personal data we hold and use 
The list below sets out the types of personal information that we hold and use about you: 


e Personal and contact details, such as title, full name, contact details and contact details 
history 

e Your date of birth, gender and/or age 

e Records of your contact such as via our phone number and, if you get in touch with us 
online using our online services, details such as IP address 

e Products and services you hold 

e Marketing information on you and related data analysis, including history of those 
communications, whether you open them or click on links 

e Vehicle information, such as make and model, faults, repairs and repair costs. Offers 
may include the AA’s car, insurance, financial services, connected car, travel and any of 
The AA's other products and services 

e Information about your use of products or services held with our business partners, such 
as insurance policies, or financial services and products 

e Information we obtained from third parties, such as AA Cars dealerships 


We may be unable to provide you with our products or services if you do not provide certain 
information to us. In cases where providing some personal information is optional, we'll make this 
clear. 


Sources of personal data 
The information we hold comes from different sources. These are: 


e From you directly 

e Information generated about you when you use our products and services 

e From a broker or other intermediary (for example, comparison site) who we work with to 
provide products or services or quote to you 

e AA Group companies if you already have a product with them, have applied for one or 
have held one previously 

e Business partners (for example, financial services institutions, insurers), or others who 
are a part of providing your products and services or operating our business 


Reasons for using of your personal data 


The reasons we use your information are below. We have arranged them according to the lawful 
basis that allows us to use the data. 


1. To provide you with our products or services or decide whether to do so: 


a) Assessing an application for a product or service, including considering whether or not to 
offer you the product or service, the price, the risk of doing so, availability of payment 
method and the terms 

b) Managing the product or service you have with us 

c) Managing any aspect of the product or service 


AA Cars Privacy Notice — Online — v1.0 — April 2020 


d) To monitor and to keep records of our communications with you and our staff (see below) 

e) To administer our good governance requirements and those of The AA and other 
members of the AA Group, such as internal reporting and compliance obligations or 
administration required for Annual General Meeting (“AGM”) processes 

f) For market research and analysis and developing statistics 

g) For direct marketing communications and related profiling to help us and The AA to offer 
you relevant products and service, including deciding whether or not to offer you certain 
products and service. We’ll send marketing to you by SMS, email, phone, post, social 
media and digital channels (for example, using Facebook Custom Audiences and Google 
Custom Match). Offers may relate to any of our products and services such as cars, 
roadside assistance, money and financial services, insurance, travel, member offers 
("Member Benefits") as well as to any other offers and advice we think may be of interest 

h) To provide personalised content and services to you, such as tailoring our and The AA’s 
products and services, digital customer experience and offerings, and deciding which 
offers or promotions to show you on our digital channels 

i) To develop new products and services and to review and improve current products and 
services 

j) To comply with legal and regulatory obligations, requirements and guidance 

k) To provide insight and analysis of our customers both for ourselves and for the benefit of 
business partners either as part of providing products or services, helping us improve 
products or services, or to assess or improve the operating of our businesses 

l) To share information, as needed, with business partners (for example, financial services 
institutions, insurers), account beneficiaries, service providers or as part of providing and 
administering our products and services or operating our business 

m) To facilitate the sale of one or more parts of our business 

n) To enable us, The AA or other AA Group companies to perform any of the above 
purposes 


2. For our legitimate interests: 


a) Managing your products and services relating to that, updating your records 

b) To perform and/or test the performance of, our and our business partners’ products, 
services and internal processes 

) To follow guidance and recommended best practice of government and regulatory bodies 

d) For management and audit of business operations including accounting 

) To carry out searches at Credit Reference Agencies at the pre-application and 

application stage, and periodically after that. Where you have been introduced to us by a 

broker or other intermediary they may do these searches on our behalf 

f) To carry out monitoring and to keep records of our communications with you and our staff 
(see below) 

g) To administer our good governance requirements and those of other members of our 
Group, such as internal reporting and compliance obligations or administration required 
for AGM processes 

h) For market research and analysis and developing statistics 

i) For direct marketing communications and related profiling to help us to offer you relevant 
products and services, including deciding whether or not to offer you certain products and 
service. We will send marketing to you by SMS, email, phone, post and social media and 
digital channels (for example, using Facebook Custom Audiences and Google Custom 
Match 

j) Subject to the appropriate controls, to provide insight and analysis of our customers to 
business partners either as part of providing products or services, helping us improve 
products or services, or to assess or to improve the operating of our businesses 

k) For some of our profiling and other automated decision making 

1) Where we need to share your personal information with people or organisations in order 
to run our business or comply with any legal and/or regulatory obligations 


3. To comply with our legal obligations 
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4. With your consent or explicit consent: 


a) For some direct marketing communications 

b) For some of our profiling and other automated decision making 

c) For some of our processing of special categories of personal data such as about your 
health, if you are a vulnerable customer 


5. Fora public interest, such as: 


a) Processing of your special categories of personal data such as about your health or if 
you are a vulnerable customer 


Sharing and disclosures of your personal data 
We may share information with the following third parties for the purposes listed above: 


e With AA Group and branded companies, in particular Automobile Association 
Developments Limited (including AA Breakdown Services), Automobile Association 
Insurance Services Limited, and Automobile Association Financial Services Limited 

e Business partners (for example, financial services institutions, insurers), account 
beneficiaries, or others who are a part of providing your products and services or operating 
our business including Evolution Funding Ltd, the Bank of Ireland (UK) plc, Northridge NIIB 
Group Ltd, trading as Northridge Finance, AUTOD2 Ltd, trading as Wizzle and Marshall 
Leasing Ltd, trading as Marshall Leasing 

e Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the 
Prudential Regulation Authority, the Ombudsman, the Information Commissioner's Office 
and under the Financial Services Compensation Scheme 

e Other organisations and businesses who provide services to us such as debt recovery 
agencies, back up and server hosting providers, IT software and maintenance providers, 
document storage providers and suppliers of other back office functions 

e Market research organisations who help us to develop and improve our products and 
services 


Withdrawing your consent 
If we rely on your consent, you can withdraw this at any time. Use the contact details below or on 
our website. 


Transfers outside of the UK or EEA 


Your personal information may be transferred outside the UK or European Economic Area, for 
example to service providers. If we do so, we'll make sure that suitable safeguards are in place 
where required, for example contractual agreements or other legal measures unless certain 
exceptions apply. 


Changes to your data 


You should tell us so that we can update our records via the contact details provided below and 
we'll then update your records if we can. Alternatively, you can update your personal information 
on your AA Cars account. 


Monitoring communications 


We may monitor, communications with you, where permitted by law. We do this for quality 
control and staff training purposes, to comply with regulatory rules, to prevent or detect crime, to 
protect the security of our communications and data to enforce compliance with business polices. 


Retention of your data 


Unless we explain otherwise to you, we'll hold your personal information based on the following 
criteria: 
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e For as long as we have reasonable business needs; 

e For as long as we provide products or services to you and then for as long as someone 
could bring a claim against us; or 

e To comply with legal and regulatory requirements or guidance. 


Your data protection rights 


Here is a list of the rights that all individuals have under UK data protection laws. They don’t 
apply in all circumstances so your request may not always be granted. If you wish to use any of 
them, we'll explain at that time if they apply or not, and if we will comply or not with your request, 
including the reasons why. 


e The right to be informed about the processing of your personal information; 

e The right to have your personal information corrected if it is inaccurate and to have 
incomplete personal information completed; 

The right to object to processing of your personal information; 

The right to restrict processing of your personal information; 

The right to have your personal information erased; 

The right to request access to your personal information and how we process it; 

The right to move, copy or transfer your personal information; and 

Rights in relation to automated decision making which has a legal effect or otherwise 
significantly affects you. 


You have the right to complain to the Information Commissioner’s Office which enforces data 
protection laws. You can contact our DPO for more details on all the above. 
Your right to object 


You have the right to object to certain purposes for processing, in particular to data processed for 
direct marketing purposes and to data processed for certain reasons based on our legitimate 
interests. You can contact us via dataprotection@theaacars.com to exercise these rights. 


Opting out of marketing 

You can stop our marketing at any time by contacting us on the details below, emailing 
dataprotection@theaacars.com or following the instructions in the communication. 
Changes to this privacy notice 


We may change this privacy notice from time to time by updating this page to reflect changes in 
the law and/or our privacy practices. We encourage you to check this privacy notice for changes 
whenever you visit the AA Cars website. 


Contact Us or our DPO 


If you have any questions about this privacy notice, or if you wish to exercise your rights or 
contact the DPO, you can contact us by going to the Contact Us section of our website. 
Alternatively, you can write to AA PLC, Fanum House, Basing View, Basingstoke, Hampshire, 
RG21 4EA, marking it for the attention of the DPO or email dataprotection@theaacars.com 


AA Cars Privacy Notice — Online — v1.0 — April 2020 


